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DETAILED ACTION 

1 . This action is response to communication: RCE filed on 08/18/2008. 

2. Claims 18, 19, 21 , 22, 24-27, 29, 30, 34, 38-41 , and 43-46 are currently pending 
in this application. 

3. No new IDS has been received on this application. 

4. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
08/18/2008 has been entered. 

Response to Arguments 

5. Applicant's arguments with respect to the claims have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Objections 

6. The previous claim objections have been withdrawn in response to applicant's 
amendment. 

Claim Rejections - 35 USC §112 

7. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
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8. Claims , 1 9, 21 , 22, 24-27, 29, 30, 34, 38-41 , and 43-46 are rejected under 35 
U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and 
distinctly claim the subject matter which applicant regards as the invention. 

As per the claims, the claims recite "mirrored" security processors. It is unclear 
what the term "mirrored" encompasses. It is unclear whether the security processors 
are exactly the same, or capable to perform the same type of functions, or have another 
meaning. As seen through the applicant's specification, the mirrored processors seem 
to be able to perform the same type of functions, as the mirrored security processors 
take over for one another in the event of failure. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 18, 19, 25-27, 38, 39, and 45-46 are rejected under 35 U.S.C. 103(a) as 
being anticipated by Simon et al. US Patent Application Publication 2003/0093691 
(hereinafter Simon), in view of Murthy et al. US patent No. 5,515,376 (hereinafter 
Murthy). 

As per claim 18, Simon teaches a method of providing redundancy in a security 
processing system comprising: establishing a first secure packet from through a first 
mirrored (paragraph 70 and 95) security processor (paragraphs 50, 51, 59); updating 
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security association information associated with the first secure packet flow (paragraphs 
59, 79, 80); establishing a second secure packet flow through a second mirrored 
(paragraphs 70 and 95) security processor (50, 51 , 59, Figure 1 , as these processes 
take place on multiple edge routers); updating security association information 
associated with the second secure packet flow (paragraphs 50, 51, 59, and Figure 1, as 
these processes take place on multiple edge routers); sending the updated security 
association information associated with the first secure packet flow form the first 
mirrored security processor to the second mirrored security processor at a first 
predefined interval (paragraphs 60, 64, 66, 70, 74, and 82, wherein paragraphs 70 and 
82 teaches that information may be distributed directly between edge routers, as it is 
advantageous to combine the functions of a cryptographic node with an edge router; 
also discussed in detail in paragraphs 72-73; ); sending the updated security 
association information associated with the second secure packet flow for the second 
security processor to the first security processor at a second predefined 
interval(paragraphs 60, 65, 66, 70, 74, and 82, wherein paragraphs 70 and 82 teaches 
that information may be distributed directly between edge routers; also, Figure 1, 
wherein it shows multiple edge routers, and wherein the paragraphs teach that the edge 
routers send each other the updated SA information; also discussed in detail in 
paragraphs 72 and 73); storing the updated security information associated with the first 
secure packet flow and the updated security association information associated with the 
second secure packet flow in the first security processor and in the second security 
processor (paragraphs 64-66 and 70). 
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However, at the time of the invention, Simon does not explicitly teach wherein the 
update packets have a custom routing header configured to allow routing of the first 
update packet through the security processors. However, this is taught by Murthy 
throughout the reference, such as in col. 22 line 60-68 and col. 9 line 35-50. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Simon and Murthy references. One of ordinary skill in the art 
would have been motivated to perform such an addition to efficiently increase security 
measures through the monitoring of all the network segments (col. 2 lines 20-43 and 
col. 3 lines 3-5). 

As per claim 19, Simon teaches wherein the rerouting step is in response to a 
failure of packet flow through the first security processor (abstract, paragraph 79, 
paragraph 95). 

As per claim 25, Simon teaches generating at least one configuration 
packet including the security association information, wherein the sending step 
comprises sending the at least one configuration packet (paragraphs 54-55). 

As per claim 26, Simon teaches sending, by a host processor, configuration 
information to the first security processor and the second security processor 
(paragraphs 32-37, 55, 56, 57). 

As per claim 27, Simon teaches sending, by a host processor, security 
association configuration information to the first security processor and the second 
security processor (paragraphs 32-35, 37, 55, 56, 57). 
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Claim 38 is rejected using the same basis of arguments used to reject claim 18 

above. 

As per claim 39, Simon teaches at least one host processor connected to the at 
least one switch for terminating or initiating the first packet flow and the second packet 
flow (paragraph 43, Figure 3). 

As per claim 45, Simon rerouting the secure packet flow to flow through 
the second security processor instead of the first (paragraphs 70, abstract, and 
paragraph 95) 

As per claim 46, Simon teaches at least one host processor for establishing a 
first packet flow to a first security processor and a second packet flow to a second 
security processor (throughout the reference, and for example, paragraphs 70-73. 

1 1 . Claims 21 , 22, 24, 29-30, and 34 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Simon and Murthy as applied above, and in view of Xiong et al. US 
Patent Application Publication 2003/0061507 (hereinafter Xiong). 

As per claim 21 , Murthy teaches sequence numbers, wherein the sequence 
number is incremented when an update packet is reeived from or transmitted to a 
network (col. 9 lines 35-50 and col. 22 liens 60-68). However, the Murthy combination 
does not teach wherein the sequence number is in the header portion of the packet. 
However, this is taught by Xiong, such as in paragraph 23. 
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At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include a sequence number with a security association. One of ordinary skill 
in the art would have been motivated to perform such an addition, as sequence 
numbers are commonly associated with security associations. This is taught in 
paragraph 23 of Xiong.. Also, by incorporating sequence numbers, the transmissions 
are more secure, as they prevent replay attacks (also found in paragraph 23). 

As per claim 22, Xiong teaches wherein the security association information 
comprises at least one byte count (paragraph 23). 

As per claim 24, Xiong teaches wherein the sending step further comprises 
repeatedly sending the security association information at intervals according to at least 
one sequence number (paragraph 23; also Simon paragraphs 57, 60, and 66; wending 
updates to the security association is taught throughout Simon, and it would have been 
obvious to combine this with the teachings of Xiong to show that it may be sent in 
accordance to sequence numbers). 

As per claim 29, Simon teaches defining an interval at which to update the 
security association information in paragraphs 79-80. Xiong teaches defining a quantity 
to adjust a sequence number in paragraph 23. Xiong also teaches determining whether 
to send the security association information according to a comparison of a sequence 
number with the interval in paragraph 23. Although it does not teach a second 
processor, Simon teaches incorporating sending security associations to second 
security processors. 
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As per claim 34, Xiong teaches sending replay window information to the second 
security processor (paragraph 23, in combination with the Simon reference 
incorporating the second security processor). 

12. Claims 40, 41, 43, and 44 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Simon and Murthy as applied above, and in view of Rosenow et al. 
US Patent No. 5,022,076 (hereinafter Rosenow). 

As per claim 40, Simon teaches changing the routing of packet flow by either 
routing the first packet flow to the second security processor instead of the first security 
processor or routing the second packet flow to the first security processor instead of the 
second security processor (paragraphs 72, 73, 75, 76, and 77). However, Simon does 
not explicitly teach wherein the one host processor changes the routing of the packet 
flow. However, routing processes from one processor to another processor is well 
known in the art, as taught by Rosenow. Rosenow teaches throughout the reference 
the routing of processes from one processor to another processor, such as in the 
abstract and in col. 23 lines 59 to col. 24 line 1 1 . 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Rosenow reference with the Simon combination. One of ordinary 
skill in the art would have been motivated to perform such an addition to provide more 
reliability by creating a fault tolerant system. This is taught throughout Rosenow, such 
as in the abstract and col. 4 lines 15-61. 
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As per claim 41 , Rosenow teaches wherein the change in the routing is in 
response to a failure of the first packet flow through the first security processor or the 
second flow through the second security processor (abstract; col. 23 line 59 to col. 24 
line 11). Also, this is taught in Simon's abstract, paragraph 79, and paragraph 95. 

Claim 43 is rejected using the same basis of arguments used to reject claim 40 

above. 

Claim 44 is rejected using the same basis of arguments used to reject claim 40 
above, (it routes to whatever processor is working). 

Conclusion 

1 3. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JASON K. GEE whose telephone number is (571)272- 
6431 . The examiner can normally be reached on M-F, 7:00 am to 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 381 1 . The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee 
Patent Examiner 
Technology Center 2100 
09/08/2008 

/Kambiz Zand/ 
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